PT-2025-8831 · Linux+7 · Linux Kernel+7

Fedor Pchelkin

·

Published

2025-01-15

·

Updated

2026-03-14

·

CVE-2024-58009

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A issue has been identified in the Linux kernel related to Bluetooth L2CAP handling. Specifically, a NULL sock pointer is passed into l2cap sock alloc() when called from l2cap sock new connection cb(), and error handling paths should be aware of this. The problem arises because l2cap chan create() adds a soon-to-be-deallocated channel to a global list before it is properly initialized, but a more straightforward solution is to check for NULL instead of rearranging function calls. This issue was discovered by the Linux Verification Center using the SVACE static analysis tool.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-665

Related Identifiers

BDU:2025-12251
CVE-2024-58009
DLA-4102-1
INFSA-2025_6966
OESA-2025-1283
OESA-2025-1284
OESA-2025-1317
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:6966
RHSA-2025_6966
SUSE-SU-2025:01600-1
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_01600-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7516-1
USN-7516-2
USN-7516-3
USN-7516-4
USN-7516-5
USN-7516-6
USN-7516-7
USN-7516-8
USN-7516-9
USN-7517-1
USN-7517-2
USN-7517-3
USN-7518-1
USN-7539-1
USN-7640-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu